{
	"id": "4a5349ae-0182-42ba-ae18-ade30163bfed",
	"created_at": "2026-04-06T00:08:31.313315Z",
	"updated_at": "2026-04-10T03:21:44.572836Z",
	"deleted_at": null,
	"sha1_hash": "dff8b02605cd0b6004b9099f4b7e5e6e6874546a",
	"title": "Use instance metadata to manage your EC2 instance",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 103652,
	"plain_text": "Use instance metadata to manage your EC2 instance\r\nArchived: 2026-04-05 22:24:52 UTC\r\nami-id The AMI ID used to launch the instance. 1.0 ami-launch-index If you launch multiple instances using\r\nthe same RunInstances call, this value indicates the launch order for each instance. The value of the first\r\ninstance launched is 0. If you launch instances using Auto Scaling or EC2 fleet, this value is always 0. 1.0 ami-manifest-path The path to the AMI manifest file in Amazon S3. If you used an Amazon EBS-backed AMI to\r\nlaunch the instance, the returned result is unknown . 1.0 ancestor-ami-ids The AMI IDs of any instances that\r\nwere rebundled to create this AMI. This value will only exist if the AMI manifest file contained an ancestor-amis key. 2007-10-10 autoscaling/target-lifecycle-state\r\nValue showing the target Auto Scaling lifecycle state that an Auto Scaling instance is transitioning to. Present\r\nwhen the instance transitions to one of the target lifecycle states after March 10, 2022. Possible values: Detached\r\n| InService | Standby | Terminated | Warmed:Hibernated | Warmed:Running | Warmed:Stopped |\r\nWarmed:Terminated . See Retrieve the target lifecycle state through instance metadata in the Amazon EC2 Auto\r\nScaling User Guide.\r\n2021-07-15 block-device-mapping/ami The virtual device that contains the root/boot file system. 2007-12-15\r\nblock-device-mapping/ebs N The virtual devices associated with any Amazon EBS volumes. Amazon EBS\r\nvolumes are only available in metadata if they were present at launch time or when the instance was last started.\r\nThe N indicates the index of the Amazon EBS volume (such as ebs1 or ebs2 ). 2007-12-15 block-device-mapping/ephemeral N The virtual devices for any non-NVMe instance store volumes. The N indicates the index of\r\neach volume. The number of instance store volumes in the block device mapping might not match the actual\r\nnumber of instance store volumes for the instance. The instance type determines the number of instance store\r\nvolumes that are available to an instance. If the number of instance store volumes in a block device mapping\r\nexceeds the number available to an instance, the additional instance store volumes are ignored. 2007-12-15\r\nblock-device-mapping/root The virtual devices or partitions associated with the root devices or partitions on the\r\nvirtual device, where the root (/ or C:) file system is associated with the given instance. 2007-12-15 block-device-mapping/swap The virtual devices associated with swap . Not always present. 2007-12-15\r\nevents/maintenance/history If there are completed or canceled maintenance events for the instance, contains a\r\nJSON string with information about the events. 2018-08-17 events/maintenance/scheduled If there are active\r\nmaintenance events for the instance, contains a JSON string with information about the events. For more\r\ninformation, see View scheduled events that affect your Amazon EC2 instances. 2018-08-17\r\nevents/recommendations/rebalance The approximate time, in UTC, when the EC2 instance rebalance\r\nrecommendation notification is emitted for the instance. The following is an example of the metadata for this\r\ncategory: {\"noticeTime\": \"2020-11-05T08:22:00Z\"} . This category is available only after the notification is\r\nemitted. For more information, see EC2 instance rebalance recommendations. 2020-10-27 hostname If the EC2\r\ninstance is using IP-based naming (IPBN), this is the private IPv4 DNS hostname of the instance. If the EC2\r\ninstance is using Resource-based naming (RBN), this is the RBN. In cases where multiple network interfaces are\r\npresent, this refers to the eth0 device (the device for which the device number is 0). For more information about\r\nIPBN and RBN, see EC2 instance hostnames and domains. 1.0 iam/info If there is an IAM role associated with\r\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\r\nPage 1 of 4\n\nthe instance, contains information about the last time the instance profile was updated, including the instance's\r\nLastUpdated date, InstanceProfileArn, and InstanceProfileId. Otherwise, not present. 2012-01-12 iam/security-credentials/ role-name If there is an IAM role associated with the instance, role-name is the name of the role,\r\nand role-name contains the temporary security credentials associated with the role (for more information, see\r\nRetrieve security credentials from instance metadata). Otherwise, not present. 2012-01-12 identity-credentials/ec2/info Information about the credentials in identity-credentials/ec2/security-credentials/ec2-instance . 2018-05-23 identity-credentials/ec2/security-credentials/ec2-instance\r\nCredentials for the instance identity role that allow on-instance software to identify itself to AWS to support\r\nfeatures such as EC2 Instance Connect and AWS Systems Manager Default Host Management Configuration.\r\nThese credentials have no policies attached, so they have no additional AWS API permissions beyond identifying\r\nthe instance to the AWS feature. For more information, see Instance identity roles for Amazon EC2 instances.\r\n2018-05-23 instance-action Notifies the instance that it should reboot in preparation for bundling. Valid\r\nvalues: none | shutdown | bundle-pending . 2008-09-01 instance-id The ID of this instance. 1.0 instance-life-cycle The purchasing option of this instance. For more information, see Amazon EC2 billing and\r\npurchasing options. 2019-10-01 instance-type The type of instance. For more information, see Amazon EC2\r\ninstance types. 2007-08-29 ipv6 The IPv6 address of the instance. In cases where multiple network interfaces\r\nare present, this refers to the eth0 device (the device for which the device number is 0) network interface and the\r\nfirst IPv6 address assigned. If no IPv6 address exists on network interface[0], this item is not set and results in an\r\nHTTP 404 response. 2021-01-03 kernel-id The ID of the kernel launched with this instance, if applicable.\r\n2008-02-01 local-hostname In cases where multiple network interfaces are present, this refers to the eth0 device\r\n(the device for which the device number is 0). If the EC2 instance is using IP-based naming (IPBN), this is the\r\nprivate IPv4 DNS hostname of the instance. If the EC2 instance is using Resource-based naming (RBN), this is\r\nthe RBN. For more information about IPBN, RBN, and EC2 instance naming, see EC2 instance hostnames and\r\ndomains. 2007-01-19 local-ipv4 The private IPv4 address of the instance. In cases where multiple network\r\ninterfaces are present, this refers to the eth0 device (the device for which the device number is 0). If this is an\r\nIPv6-only instance, this item is not set and results in an HTTP 404 response. 1.0 mac The instance's media access\r\ncontrol (MAC) address. In cases where multiple network interfaces are present, this refers to the eth0 device (the\r\ndevice for which the device number is 0). 2011-01-01 metrics/vhostmd No longer available. 2011-05-01\r\nnetwork/interfaces/macs/ mac /device-number The unique device number associated with that interface. The\r\ndevice number corresponds to the device name; for example, a device-number of 2 is for the eth2 device. This\r\ncategory corresponds to the DeviceIndex and device-index fields that are used by the Amazon EC2 API and\r\nthe EC2 commands for the AWS CLI. 2011-01-01 network/interfaces/macs/ mac /interface-id The ID of the\r\nnetwork interface. 2011-01-01 network/interfaces/macs/ mac /ipv4-associations/ public-ip The private\r\nIPv4 addresses that are associated with each public IP address and assigned to that interface. 2011-01-01\r\nnetwork/interfaces/macs/ mac /ipv6s The IPv6 addresses assigned to the interface. 2016-06-30\r\nnetwork/interfaces/macs/ mac /ipv6-prefix The IPv6 prefix assigned to the network interface.\r\nnetwork/interfaces/macs/ mac /local-hostname\r\nThe private IPv4 DNS hostname of the instance. In cases where multiple network interfaces are present, this refers\r\nto the eth0 device (the device for which the device number is 0). If this is a IPv6-only instance, this is the\r\nresource-based name. For more information about IPBN and RBN, see EC2 instance hostnames and domains.\r\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\r\nPage 2 of 4\n\n2007-01-19 network/interfaces/macs/ mac /local-ipv4s The private IPv4 addresses associated with the\r\ninterface. If this is an IPv6-only network interface, this item is not set and results in an HTTP 404 response. 2011-\r\n01-01 network/interfaces/macs/ mac /mac The instance's MAC address. 2011-01-01\r\nnetwork/interfaces/macs/ mac /network-card The index of the network card. Some instance types support\r\nmultiple network cards. 2020-11-01 network/interfaces/macs/ mac /owner-id The ID of the owner of the\r\nnetwork interface. In multiple-interface environments, an interface can be attached by a third party, such as Elastic\r\nLoad Balancing. Traffic on an interface is always billed to the interface owner. 2011-01-01\r\nnetwork/interfaces/macs/ mac /public-hostname The interface's public DNS (IPv4). This category is only\r\nreturned if the enableDnsHostnames attribute is set to true . For more information, see DNS attributes for your\r\nVPC in the Amazon VPC User Guide. If the instance only has a public-IPv6 address and no public-IPv4 address,\r\nthis item is not set and results in an HTTP 404 response. 2011-01-01 network/interfaces/macs/ mac /public-ipv4s The public IP address or Elastic IP addresses associated with the interface. There may be multiple IPv4\r\naddresses on an instance. 2011-01-01 network/interfaces/macs/ mac /security-groups Security groups to\r\nwhich the network interface belongs. 2011-01-01 network/interfaces/macs/ mac /security-group-ids The IDs\r\nof the security groups to which the network interface belongs. 2011-01-01\r\nnetwork/interfaces/macs/ mac /subnet-id The ID of the subnet in which the interface resides. 2011-01-01\r\nnetwork/interfaces/macs/ mac /subnet-ipv4-cidr-block The IPv4 CIDR block of the subnet in which the\r\ninterface resides. 2011-01-01 network/interfaces/macs/ mac /subnet-ipv6-cidr-blocks The IPv6 CIDR block\r\nof the subnet in which the interface resides. 2016-06-30 network/interfaces/macs/ mac /vpc-id The ID of the\r\nVPC in which the interface resides. 2011-01-01 network/interfaces/macs/ mac /vpc-ipv4-cidr-block The\r\nprimary IPv4 CIDR block of the VPC. 2011-01-01 network/interfaces/macs/ mac /vpc-ipv4-cidr-blocks The\r\nIPv4 CIDR blocks for the VPC. 2016-06-30 network/interfaces/macs/ mac /vpc-ipv6-cidr-blocks The IPv6\r\nCIDR block of the VPC in which the interface resides. 2016-06-30 placement/availability-zone The\r\nAvailability Zone in which the instance launched. 2008-02-01 placement/availability-zone-id The static\r\nAvailability Zone ID in which the instance is launched. The Availability Zone ID is consistent across accounts.\r\nHowever, it might be different from the Availability Zone, which can vary by account. 2019-10-01\r\nplacement/group-name The name of the placement group in which the instance is launched. 2020-08-24\r\nplacement/host-id The ID of the host on which the instance is launched. Applicable only to Dedicated Hosts.\r\n2020-08-24 placement/partition-number The number of the partition in which the instance is launched. 2020-\r\n08-24 placement/region The AWS Region in which the instance is launched. 2020-08-24 product-codes AWS\r\nMarketplace product codes associated with the instance, if any. 2007-03-01 public-hostname The instance's\r\npublic DNS (IPv4). This category is only returned if the enableDnsHostnames attribute is set to true . For more\r\ninformation, see DNS attributes for your VPC in the Amazon VPC User Guide. If the instance only has a public-IPv6 address and no public-IPv4 address, this item is not set and results in an HTTP 404 response. 2007-01-19\r\npublic-ipv4 The public IPv4 address. If an Elastic IP address is associated with the instance, the value returned\r\nis the Elastic IP address. 2007-01-19 public-keys/0/openssh-key Public key. Only available if supplied at\r\ninstance launch time. 1.0 ramdisk-id The ID of the RAM disk specified at launch time, if applicable. 2007-10-\r\n10 reservation-id The ID of the reservation. 1.0 security-groups\r\nThe names of the security groups applied to the instance.\r\nAfter launch, you can change the security groups of the instances. Such changes are reflected here and in\r\nnetwork/interfaces/macs/ mac /security-groups.\r\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\r\nPage 3 of 4\n\n1.0 services/domain\r\nThe domain for AWS resources for the Region.\r\n2014-02-25 services/partition\r\nThe partition that the resource is in. For standard AWS Regions, the partition is aws . If you have resources in\r\nother partitions, the partition is aws- partitionname . For example, the partition for resources in the China\r\n(Beijing) Region is aws-cn .\r\n2015-10-20 spot/instance-action\r\nThe action (hibernate, stop, or terminate) and the approximate time, in UTC, when the action will occur. This item\r\nis present only if the Spot Instance has been marked for hibernate, stop, or terminate. For more information, see\r\ninstance-action.\r\n2016-11-15 spot/termination-time\r\nThe approximate time, in UTC, that the operating system for your Spot Instance will receive the shutdown signal.\r\nThis item is present and contains a time value (for example, 2015-01-05T18:02:00Z) only if the Spot Instance has\r\nbeen marked for termination by Amazon EC2. The termination-time item is not set to a time if you terminated the\r\nSpot Instance yourself. For more information, see termination-time.\r\n2014-11-05 system The underlying virtualization type (hypervisor) of the instance. 2022-09-24 tags/instance\r\nThe instance tags associated with the instance. Only available if you explicitly allow access to tags in instance\r\nmetadata. For more information, see Enable access to tags in instance metadata. 2021-03-23\r\nSource: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\r\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html"
	],
	"report_names": [
		"ec2-instance-metadata.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434111,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dff8b02605cd0b6004b9099f4b7e5e6e6874546a.pdf",
		"text": "https://archive.orkl.eu/dff8b02605cd0b6004b9099f4b7e5e6e6874546a.txt",
		"img": "https://archive.orkl.eu/dff8b02605cd0b6004b9099f4b7e5e6e6874546a.jpg"
	}
}